RE: PgAdmin4 OAuth2 with PingFederate

Hi,

Can you please provide the output of https://idp.rbinternational.com/idp/userinfo.openid API call ?

It looks like the user profile received from the PingFederate does not have an email id.

Thanks,

Khushboo

Dear PgAdmin support community,

 

We are trying to to configure OAuth2 for PgAdmin4 and PingFederate. We are already quite forward, but still don’t have a success.

 

 

 

Here is our configuration:

AUTHENTICATION_SOURCES = ['oauth2', 'internal']

 

OAUTH2_CONFIG = [

    {

        # The name of the of the oauth provider, ex: github, google

        'OAUTH2_NAME': 'PingID',

        # The display name, ex: Google

        'OAUTH2_DISPLAY_NAME': 'PingID',

        # Oauth client id

        'OAUTH2_CLIENT_ID': clientID,

        # Oauth secret

        'OAUTH2_CLIENT_SECRET': 'secret',

        # URL to generate a token,

        # Ex: https://github.com/login/oauth/access_token

        'OAUTH2_TOKEN_URL': 'https://idp.rbinternational.com/as/token.oauth2',

        # URL is used for authentication,

        # Ex: https://github.com/login/oauth/authorize

        'OAUTH2_AUTHORIZATION_URL': 'https://idp.rbinternational.com/as/authorization.oauth2',

        # Oauth base url, ex: https://api.github.com/

        'OAUTH2_API_BASE_URL': 'https://idp.rbinternational.com',

        # Name of the Endpoint, ex: user

        'OAUTH2_USERINFO_ENDPOINT': 'https://idp.rbinternational.com/idp/userinfo.openid',

        # Oauth scope, ex: 'openid email profile'

        # Note that an 'email' claim is required in the resulting profile

        'OAUTH2_SCOPE': 'openid email profile',

        # Font-awesome icon, ex: fa-github

        'OAUTH2_ICON': None,

        # UI button colour, ex: #0000ff

        'OAUTH2_BUTTON_COLOR': '#CA300F',

    }

]

OAUTH2_AUTO_CREATE_USER = True

 

I am not sure what value we need to set in the userinfo_endpoint, I tried with user, userinfo and some other things, but only when having the url is not failing.

 

 

We do a full round trough PingID, getting the token and get back to PgAdmin4, but then we see:

 

 

 

The redirect URL is set and it looks like its working, because we get back correctly.

 

According the logs of Ping Federate we have obtained the tokens correctly.

 

We would be really thankful of support!

 

BR,

Emil ATANASOV

 

This message and any attachment ("the Message") are confidential. If you have received the Message in error, please notify the sender immediately and delete the Message from your system, any use of the Message is forbidden. Correspondence via e-mail is primarily for information purposes. RBI neither makes nor accepts legally binding statements via e-mail unless explicitly agreed otherwise. Information pursuant to § 14 Austrian Companies Code: Raiffeisen Bank International AG; Registered Office: Am Stadtpark 9, 1030 Vienna, Austria; Company Register Number: FN 122119m at the Commercial Court of Vienna (Handelsgericht Wien).